I have your documentation toolkit - in the document called “Checklist of Mandatory Documentation” the “Mobile device policy” is in the list of “Commonly used non-mandatory documents”. As for A.6.2.1 "A policy and supporting security measures shall be adopted…", I understand that we don’t need to write such a policy, as the control does not say “shall be documented”, but it just feels strange not to have a policy in written form… Is it part of the audit (internal and external) to verify that everyone knows how to handle mobile devices?
ISO 27001 clauses
I have a question about ISO 27001 - we said that ISO 27001 has 14 clauses, what are those clauses? Because in the standard we can only see clauses 4-10. Could you please list these 14 clauses for me?
Does the toolkit include the 27002 documentation and best practices?
I was just about to purchase the ISO 27001 toolkit to get started on this important project, but after reading a couple of your blog posts, I have a question. It seems that ISO 27002 provides details on which 27001 controls to implement and how. Does the toolkit include the 27002 documentation and best practices? If not, how do I leverage the 27002 information?
Importance of ISO certifications
I am a fresher working for the Shell Information Risk Management Team. I have not done any certification till now. However, I hear a lot about ISO certifications, but I need to understand how this is important in the compliance world. How can it benefit me to progress in my career? I want to excel in the compliance world. Do let me know if you want to ask me any queries regarding the same. Your advice will be helpful.
Program success factors
The subject matter I need to know is how to keep a successful program running; why do people pass successfully for several years, and then begin to fail (with disastrous consequences)?
I am a Certified Internal Auditor with several years of Internal Audit experience, getting ready to transition, and am looking for an ISO 27001 Analyst or Auditor job; how can I find companies who are (or are looking to become) ISO 27001 compliant?
Certifications for consultancy
Just wondering what certificates a security consultancy company needs? Are there any more certifications that are necessary when the company does consultancy services?
Control of documents
If my company is using a standard template for policies and procedures and we want to change this template to satisfy both business and ISO needs, and we have the new template approved via the defined formal channel as described in our document control procedure, shall we now change all the existing policies and procedures to the new template, or can we state in our document control procedure that starting from "a defined date" any new or updated policy/procedure shall use the new template?
Performing risk assessment
I have a problem in understanding the risk assessment. Suppose that I am an ISMS consultant in an organization. I must do a "risk assessment". Here is the problem: should I first define some policies for the organization and then do the risk assessment? Or should I first do the risk assessment and, based on it, define some policies? If the latter is correct, how can I do it? For example, for assessing the risks about passwords, if the organization doesn't have any password policy, how can I determine whether the risk assessment should be based on 8-character passwords or 10-character passwords?
BYOD Policy template content
Further lists are missing:
Audit tools suggestion
I just got an offer for a position as ISO 27001 Auditor in an international company without any audit management tools. Of course the company has already been ISO 27001 certified, but needs maintenance before recertification.